Mercurial > hg
annotate tests/test-wireproto.py @ 30766:d7bf7d2bd5ab
hgweb: support Content Security Policy
Content-Security-Policy (CSP) is a web security feature that allows
servers to declare what loaded content is allowed to do. For example,
a policy can prevent loading of images, JavaScript, CSS, etc unless
the source of that content is whitelisted (by hostname, URI scheme,
hashes of content, etc). It's a nifty security feature that provides
extra mitigation against some attacks, notably XSS.
Mitigation against these attacks is important for Mercurial because
hgweb renders repository data, which is commonly untrusted. While we
make attempts to escape things, etc, there's the possibility that
malicious data could be injected into the site content. If this happens
today, the full power of the web browser is available to that
malicious content. A restrictive CSP policy (defined by the server
operator and sent in an HTTP header which is outside the control of
malicious content), could restrict browser capabilities and mitigate
security problems posed by malicious data.
CSP works by emitting an HTTP header declaring the policy that browsers
should apply. Ideally, this header would be emitted by a layer above
Mercurial (likely the HTTP server doing the WSGI "proxying"). This
works for some CSP policies, but not all.
For example, policies to allow inline JavaScript may require setting
a "nonce" attribute on <script>. This attribute value must be unique
and non-guessable. And, the value must be present in the HTTP header
and the HTML body. This means that coordinating the value between
Mercurial and another HTTP server could be difficult: it is much
easier to generate and emit the nonce in a central location.
This commit introduces support for emitting a
Content-Security-Policy header from hgweb. A config option defines
the header value. If present, the header is emitted. A special
"%nonce%" syntax in the value triggers generation of a nonce and
inclusion in <script> elements in templates. The inclusion of a
nonce does not occur unless "%nonce%" is present. This makes this
commit completely backwards compatible and the feature opt-in.
The nonce is a type 4 UUID, which is the flavor that is randomly
generated. It has 122 random bits, which should be plenty to satisfy
the guarantees of a nonce.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 10 Jan 2017 23:37:08 -0800 |
| parents | 86db5cb55d46 |
| children | b47fe9733d76 |
| rev | line source |
|---|---|
|
28675
fcafd84bc9c5
py3: make test-wireproto use print_function
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28438
diff
changeset
|
1 from __future__ import absolute_import, print_function |
|
27301
5defcb7d6e5f
tests: use absolulte_import in test-wireproto.py
Gregory Szorc <gregory.szorc@gmail.com>
parents:
25912
diff
changeset
|
2 |
|
28860
50d11dd8ac02
py3: use multi-line import in test-wireproto.py
timeless <timeless@mozdev.org>
parents:
28675
diff
changeset
|
3 from mercurial import ( |
|
28861
86db5cb55d46
pycompat: switch to util.stringio for py3 compat
timeless <timeless@mozdev.org>
parents:
28860
diff
changeset
|
4 util, |
|
28860
50d11dd8ac02
py3: use multi-line import in test-wireproto.py
timeless <timeless@mozdev.org>
parents:
28675
diff
changeset
|
5 wireproto, |
|
50d11dd8ac02
py3: use multi-line import in test-wireproto.py
timeless <timeless@mozdev.org>
parents:
28675
diff
changeset
|
6 ) |
|
28861
86db5cb55d46
pycompat: switch to util.stringio for py3 compat
timeless <timeless@mozdev.org>
parents:
28860
diff
changeset
|
7 stringio = util.stringio |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
8 |
|
14764
a7d5816087a9
classes: fix class style problems found by b071cd58af50
Thomas Arendsen Hein <thomas@intevation.de>
parents:
14622
diff
changeset
|
9 class proto(object): |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
10 def __init__(self, args): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
11 self.args = args |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
12 def getargs(self, spec): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
13 args = self.args |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
14 args.setdefault('*', {}) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
15 names = spec.split() |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
16 return [args[n] for n in names] |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
17 |
|
17192
1ac628cd7113
peer: introduce real peer classes
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14765
diff
changeset
|
18 class clientpeer(wireproto.wirepeer): |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
19 def __init__(self, serverrepo): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
20 self.serverrepo = serverrepo |
|
25912
cbbdd085c991
batching: migrate basic noop batching into peer.peer
Augie Fackler <augie@google.com>
parents:
25708
diff
changeset
|
21 |
|
cbbdd085c991
batching: migrate basic noop batching into peer.peer
Augie Fackler <augie@google.com>
parents:
25708
diff
changeset
|
22 def _capabilities(self): |
|
cbbdd085c991
batching: migrate basic noop batching into peer.peer
Augie Fackler <augie@google.com>
parents:
25708
diff
changeset
|
23 return ['batch'] |
|
cbbdd085c991
batching: migrate basic noop batching into peer.peer
Augie Fackler <augie@google.com>
parents:
25708
diff
changeset
|
24 |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
25 def _call(self, cmd, **args): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
26 return wireproto.dispatch(self.serverrepo, proto(args), cmd) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
27 |
|
28438
48fd02dac1d4
wireproto: make iterbatcher behave streamily over http(s)
Augie Fackler <augie@google.com>
parents:
27301
diff
changeset
|
28 def _callstream(self, cmd, **args): |
|
28861
86db5cb55d46
pycompat: switch to util.stringio for py3 compat
timeless <timeless@mozdev.org>
parents:
28860
diff
changeset
|
29 return stringio(self._call(cmd, **args)) |
|
28438
48fd02dac1d4
wireproto: make iterbatcher behave streamily over http(s)
Augie Fackler <augie@google.com>
parents:
27301
diff
changeset
|
30 |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
31 @wireproto.batchable |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
32 def greet(self, name): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
33 f = wireproto.future() |
|
20686
c69f62906358
test-wireproto: move from dict() construction to {} literals
Augie Fackler <raf@durin42.com>
parents:
18278
diff
changeset
|
34 yield {'name': mangle(name)}, f |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
35 yield unmangle(f.value) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
36 |
|
14764
a7d5816087a9
classes: fix class style problems found by b071cd58af50
Thomas Arendsen Hein <thomas@intevation.de>
parents:
14622
diff
changeset
|
37 class serverrepo(object): |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
38 def greet(self, name): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
39 return "Hello, " + name |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
40 |
|
18278
753acee7d6dd
clfilter: make localpeer use a repo with "unserved" filter
Pierre-Yves David <pierre-yves.david@ens-lyon.org>
parents:
17192
diff
changeset
|
41 def filtered(self, name): |
|
753acee7d6dd
clfilter: make localpeer use a repo with "unserved" filter
Pierre-Yves David <pierre-yves.david@ens-lyon.org>
parents:
17192
diff
changeset
|
42 return self |
|
753acee7d6dd
clfilter: make localpeer use a repo with "unserved" filter
Pierre-Yves David <pierre-yves.david@ens-lyon.org>
parents:
17192
diff
changeset
|
43 |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
44 def mangle(s): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
45 return ''.join(chr(ord(c) + 1) for c in s) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
46 def unmangle(s): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
47 return ''.join(chr(ord(c) - 1) for c in s) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
48 |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
49 def greet(repo, proto, name): |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
50 return mangle(repo.greet(unmangle(name))) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
51 |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
52 wireproto.commands['greet'] = (greet, 'name',) |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
53 |
|
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
54 srv = serverrepo() |
|
17192
1ac628cd7113
peer: introduce real peer classes
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14765
diff
changeset
|
55 clt = clientpeer(srv) |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
56 |
|
28675
fcafd84bc9c5
py3: make test-wireproto use print_function
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28438
diff
changeset
|
57 print(clt.greet("Foobar")) |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
58 b = clt.batch() |
|
25708
d3d32643c060
wireproto: correctly escape batched args and responses (issue4739)
Augie Fackler <augie@google.com>
parents:
20686
diff
changeset
|
59 fs = [b.greet(s) for s in ["Fo, =;:<o", "Bar"]] |
|
14622
bd88561afb4b
wireproto: add batching support to wirerepository
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
diff
changeset
|
60 b.submit() |
|
28675
fcafd84bc9c5
py3: make test-wireproto use print_function
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28438
diff
changeset
|
61 print([f.value for f in fs]) |